Skill v1.0.0
ClawScan security
HerCycle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 2, 2026, 9:07 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions require Whoop/WhoopClaw credentials and call local endpoints and third-party services, but the registry metadata omits those requirements and the SKILL.md contains inconsistent/underspecified integration details; this mismatch is concerning and worth review before installing.
- Guidance: Do not install blindly. The SKILL.md requires a running WhoopClaw instance and Whoop API credentials (WHOOP_CLIENT_ID/SECRET) and implies additional integrations (Spotify, calendar, Telegram IDs) that are not declared in the registry metadata. Before installing:
  1. confirm the skill's source and review the WhoopClaw code you will point it at (running a third-party backend on localhost can expose local services);
  2. ensure any API keys you provide are minimal-scope and easily revocable;
  3. verify which external tokens (Spotify, calendar) the skill will request and refuse to provide tokens you don't trust;
  4. ask the publisher to correct the metadata to list required env vars and to clarify endpoints and exact data flows;
  5. if you want to test, run WhoopClaw in an isolated/sandboxed environment and monitor network calls to confirm behavior.
  If the publisher cannot explain the missing credential declarations and endpoint inconsistencies, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability (concern): The skill claims to read Whoop biometrics via a local WhoopClaw backend and optionally trigger Spotify/calendar actions. Those capabilities legitimately require Whoop API credentials, a WhoopClaw base URL, and likely Spotify/calendar credentials, but the published metadata lists no required env vars/credentials. The declared purpose (Whoop-based cycle intelligence) aligns with the described endpoints, but the registry underreports the needed capabilities and integrations (Spotify, calendar, possibly Telegram), which is incoherent.
- Instruction Scope (concern): SKILL.md instructs the agent to call local WhoopClaw endpoints (e.g., /whoop/recovery, /whoop/metrics/skin-temp, /cycle/current-phase) and to 'pull live data' before making recommendations. It also references reading a WhoopClaw DB table (`cycle_tracking`) and optional external modules (Spotify engine, calendar); these broaden the scope beyond a read-only recommendation interface. There are small inconsistencies in endpoint names across files (e.g., /cycle/current vs /cycle/current-phase) and unspecified use of identifiers (telegram_id) and triggers, leaving the agent broad latitude to access local network endpoints and external services.
- Install Mechanism (ok): No install spec and no code files: the skill is instruction-only, so it does not install packages or write files. This is lower risk from an installation standpoint, but it increases reliance on runtime calls to the local/external services described in the docs.
- Credentials (concern): The SKILL.md explicitly lists WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET and WHOOPLAW_BASE_URL as setup requirements (and implies Spotify/calendar credentials and identifiers like telegram_id), but the registry metadata declares no required env vars or primary credential. Underdeclaring required credentials is a red flag: it obscures which sensitive tokens the agent will need to access and transmit to local/external endpoints.
- Persistence & Privilege (note): always:false (not force-included) and model invocation is allowed (default). Autonomous invocation is normal for skills; combined with the above concerns (local endpoint access, omitted creds), this increases potential exposure, but there is no indication the skill requests permanent system-level privileges or modifies other skills.
